Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/F0IbAy4DBD4R1tpVF-eK43aChYk.roa
File:                     F0IbAy4DBD4R1tpVF-eK43aChYk.roa (raw, json)
Hash identifier:          g2J1Nb8U1OTOvAcJ8xV0/WW6sKBzgLg58jRt1vEU/0g=
Subject key identifier:   17:42:1B:03:2E:03:04:3E:11:D6:DA:55:17:E7:8A:E3:76:82:85:89
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019C912CA17A68B7A186E87F0199AE240AED
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/F0IbAy4DBD4R1tpVF-eK43aChYk.roa
Signing time:             Tue 24 Feb 2026 19:42:27 +0000
ROA not before:           Tue 24 Feb 2026 19:42:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        212.100.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:91:2c:a1:7a:68:b7:a1:86:e8:7f:01:99:ae:24:0a:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Feb 24 19:42:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=17421b032e03043e11d6da5517e78ae376828589
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6a:9e:b3:b1:79:6c:04:34:83:81:56:19:a2:
                    52:77:79:8f:c5:ca:f8:24:02:39:87:4c:e0:48:83:
                    f3:9f:bb:f7:db:02:50:ae:63:54:06:4e:b7:57:f6:
                    5c:31:2c:41:36:44:84:68:2a:b6:23:03:2f:d2:4c:
                    23:5c:de:68:a3:24:6c:95:27:ca:06:9d:bd:6a:f8:
                    b3:62:eb:19:3a:95:a2:16:2f:18:a1:11:01:46:61:
                    f6:be:82:20:af:a6:3e:17:36:1f:11:ad:ac:aa:c3:
                    fd:0a:2b:59:fd:f0:1a:6d:fe:60:25:a7:7b:d7:d1:
                    0d:82:3c:b2:96:17:5c:6f:e9:f6:84:c5:f3:58:65:
                    fc:92:4f:c9:45:89:27:6b:ab:2a:36:b4:14:21:7e:
                    f1:66:79:e2:ef:0a:b9:d6:34:1d:d3:06:5d:63:0a:
                    2e:5e:3a:24:a7:3b:b6:bd:2b:70:4a:06:0e:46:df:
                    45:0c:90:a2:5e:ab:e6:b2:03:c8:06:f2:61:85:67:
                    b8:df:00:b0:c5:3f:51:16:7d:14:47:c3:be:78:f8:
                    65:b4:14:d2:eb:4c:9d:33:f4:ce:75:61:a5:28:cf:
                    46:98:66:56:fc:55:93:41:2d:37:fc:ab:db:04:ab:
                    72:8a:99:0d:1c:6b:96:75:55:41:3d:76:d7:3b:83:
                    cd:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:42:1B:03:2E:03:04:3E:11:D6:DA:55:17:E7:8A:E3:76:82:85:89
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/F0IbAy4DBD4R1tpVF-eK43aChYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:84:5d:9d:a2:30:41:27:15:f9:3d:e0:5f:b3:32:50:a6:43:
         bd:74:62:b3:f2:a6:26:73:1d:50:9f:b6:fd:d7:20:b8:dc:d6:
         a3:ea:67:59:ac:a5:6b:60:0d:09:b9:53:16:e9:ac:43:a7:9b:
         87:45:97:0f:b5:01:33:24:4f:a0:68:e7:36:d8:7c:e8:b4:d0:
         7c:5b:d7:8c:ad:f5:b9:00:3a:8e:08:ee:d9:09:8f:ec:00:21:
         f9:8d:51:cc:ff:28:19:0c:a4:82:66:7d:3f:af:ef:49:32:e4:
         87:d8:c6:54:6a:24:40:1c:a2:b2:ee:a7:e3:0e:78:d8:c8:9a:
         4a:a3:4b:6b:ec:8e:b2:c1:82:cc:30:11:85:22:e4:1e:ff:0f:
         39:1f:a7:3c:9a:a0:fe:e0:4a:ba:f6:ef:5b:45:5a:fe:47:6b:
         3d:2b:98:ac:c7:85:8f:ae:8c:15:af:8c:d5:36:10:c2:8d:bb:
         d6:25:5a:a0:a1:1e:66:ab:4b:a5:d2:36:09:9e:74:94:22:e9:
         5b:a5:40:d9:a5:0c:a8:dd:d9:8f:b7:b1:e8:04:bc:e8:6e:a2:
         9d:31:a3:ab:cf:ec:fe:e5:7b:60:0c:cb:c2:df:11:5c:f6:55:
         89:83:13:1b:06:93:9d:ca:02:d9:60:2f:37:a2:63:90:f2:07:
         b1:08:bd:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyRLKF6aLehhuh/AZmuJArtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjYwMjI0MTk0MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzQyMWIwMzJlMDMwNDNlMTFkNmRhNTUxN2U3OGFlMzc2ODI4NTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2qes7F5bAQ0g4FWGaJSd3mPxcr4
JAI5h0zgSIPzn7v32wJQrmNUBk63V/ZcMSxBNkSEaCq2IwMv0kwjXN5ooyRslSfK
Bp29avizYusZOpWiFi8YoREBRmH2voIgr6Y+FzYfEa2sqsP9CitZ/fAabf5gJad7
19ENgjyylhdcb+n2hMXzWGX8kk/JRYkna6sqNrQUIX7xZnni7wq51jQd0wZdYwou
Xjokpzu2vStwSgYORt9FDJCiXqvmsgPIBvJhhWe43wCwxT9RFn0UR8O+ePhltBTS
60ydM/TOdWGlKM9GmGZW/FWTQS03/KvbBKtyipkNHGuWdVVBPXbXO4PNyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBdCGwMuAwQ+EdbaVRfniuN2goWJMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvRjBJYkF5NERCRDRSMXRwVkYtZUs0M2FDaFlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GSrMA0G
CSqGSIb3DQEBCwUAA4IBAQAahF2dojBBJxX5PeBfszJQpkO9dGKz8qYmcx1Qn7b9
1yC43Naj6mdZrKVrYA0JuVMW6axDp5uHRZcPtQEzJE+gaOc22HzotNB8W9eMrfW5
ADqOCO7ZCY/sACH5jVHM/ygZDKSCZn0/r+9JMuSH2MZUaiRAHKKy7qfjDnjYyJpK
o0tr7I6ywYLMMBGFIuQe/w85H6c8mqD+4Eq69u9bRVr+R2s9K5isx4WProwVr4zV
NhDCjbvWJVqgoR5mq0ul0jYJnnSUIulbpUDZpQyo3dmPt7HoBLzobqKdMaOrz+z+
5XtgDMvC3xFc9lWJgxMbBpOdygLZYC83omOQ8gexCL0A
-----END CERTIFICATE-----